From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 31 May 2023 17:10:23 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <oss-tools-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1q4NSz-004Ouv-4e
	for lore@lore.pengutronix.de; Wed, 31 May 2023 17:10:23 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <oss-tools-bounces@pengutronix.de>)
	id 1q4NSv-0003O4-6R; Wed, 31 May 2023 17:10:21 +0200
Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <afa@pengutronix.de>)
 id 1q4NSs-0003Li-Lt; Wed, 31 May 2023 17:10:18 +0200
Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de)
 by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2)
 (envelope-from <afa@pengutronix.de>)
 id 1q4NSs-00495K-2L; Wed, 31 May 2023 17:10:18 +0200
Received: from afa by dude05.red.stw.pengutronix.de with local (Exim 4.94.2)
 (envelope-from <afa@pengutronix.de>)
 id 1q4NSr-005tJz-1a; Wed, 31 May 2023 17:10:17 +0200
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: oss-tools@pengutronix.de
Date: Wed, 31 May 2023 17:10:15 +0200
Message-Id: <20230531151015.1404262-5-a.fatoum@pengutronix.de>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230531151015.1404262-1-a.fatoum@pengutronix.de>
References: <20230531151015.1404262-1-a.fatoum@pengutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [OSS-Tools] [PATCH 5/5] barebox-state: fix use after free in error
 path
X-BeenThere: oss-tools@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Pengutronix Public Open-Source-Development <oss-tools.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/oss-tools>, 
 <mailto:oss-tools-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/oss-tools/>
List-Post: <mailto:oss-tools@pengutronix.de>
List-Help: <mailto:oss-tools-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/oss-tools>, 
 <mailto:oss-tools-request@pengutronix.de?subject=subscribe>
Sender: "OSS-Tools" <oss-tools-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: oss-tools-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

blob_bin is freed a few lines above unconditionally, so freeing it
again in the error path will cause a double free.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 src/keystore-blob.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/keystore-blob.c b/src/keystore-blob.c
index ed6ecb4eaa25..8ec07f0a3d56 100644
--- a/src/keystore-blob.c
+++ b/src/keystore-blob.c
@@ -81,10 +81,8 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le
 
 	/* payload */
 	fd = open(blob_gen_payload, O_RDONLY);
-	if (fd < 0) {
-		free(blob_bin);
+	if (fd < 0)
 		return -errno;
-	}
 
 	payload = xzalloc(len);
 	len = read(fd, payload, len);
-- 
2.39.2